What You Need to Know about Mobile Security

There might've been a time when you weren't overly worried about your mobile devices getting infected by malware - after all, viruses and spyware were a threat mostly to computers. But as smartphones and tablets become increasingly popular, so do threats that target mobile devices exclusively. According to a 2013 report by Web security provider Blue Coat Systems, an increasing amount of malware is making the jump from desktops to mobile. Security company McAfee also warned in February (PDF) that it detected over 36,000 malware threats, most of that number targeting Android devices.

Though it's not just Android. If you have a mobile device, you need to know how malware is targeting it and what you can do about it. If malware sneaks onto your phone or tablet, it can install adware, activate SMS Trojans that send out expensive text messages from your phone without you knowing, and even let others spy on your emails, texts and web browsing.

How malware infects your mobile devices

The most common way malware infects a phone or a tablet is through downloaded apps masquerading as a popular title or as a useful utility program. You'd think you wouldn't fall victim to that if you're careful, but some malicious programs are very well disguised as legitimate apps. In 2012, for instance, fake Angry Birds and Assassin's Creed apps hit Google Play, and many Android users unknowingly downloaded the malicious programs that charged them a premium rate - roughly $22 - for each app.

That modus operandi, however, might soon change. Security researcher Chris Astacio warns that attackers are very likely to start tweaking mobile malware to infect devices via web pages instead of through apps. At a presentation at the RSA Security conference in San Francisco in late February, he revealed that software that exploits vulnerabilities on computers has started to look out for web hits made by iPhones, iPads and Android devices. That indicates that, although it's not yet an actual threat, this method might be used to attack mobile devices in the future.

Abundance of Android malware

In addition to McAfee's report mentioned above, a 2012 report by Kaspersky Lab points to Android as the most popular target of mobile malware attacks. 94% of mobile threats targeted the Android platform in late 2012, most of which targeted Gingerbread (Android 2.3.6) devices, with Ice Cream Sandwich (Android 4.0.4) coming in a close second. More than half of all the malware detected by Kaspersky turned out to be SMS Trojans. So if you notice any unusual messaging activity on your phone, make sure to quickly take steps to protect it (see below). Also, make sure to update your Android device to the latest available version of the operating system; this often addresses security flaws in previous versions.

While there's an abundance of malware for Android, that doesn't mean phones running other operating systems are safe. Mobile app analyst Appthority recently published a report (PDF), revealing that iOS apps exhibit riskier behaviors than Android apps. That's because iOS apps have more access to your data and are more likely to send and receive unencrypted information. The first iOS malware that hit the App Store in mid-2012 harvested data from address books and sent info to a remote server - all the contacts gathered were then sent spam text messages.

Windows Phone 8, which was introduced in mid-2012, is still relatively new, but a teenage hacker from India has already developed prototype malware for it. The good news? The teenage hacker didn't mean any harm - he only created the prototype to demonstrate that it is possible to infect a Windows Phone 8 device.

How to protect your phones and tablets

Always check the legitimacy of apps you download

You might think you're installing a well-known app, but you might have gotten the fake one. To save yourself the headache, always check who created the apps you download by making sure it was posted by the app's known developer. If you find an Angry Birds app posted by someone other than Rovio, do not download it. Report it to Google because it's most likely malware.

But what if you're downloading an app you haven't heard of before? Make sure to go through the app's ratings and comments and look out for obvious red flags. If there's even just one reviewer who says the app is fake, it's worth looking more into it in case it really is. It also helps to dig through the developer's history to see what other apps it has previously submitted, and to look for info online. Finally, make sure you check the rating and read the reviews. Apps with few ratings (fewer than a few hundred) or lots of negative comments require extra caution.

Install anti-malware apps for your mobile devices

You now have quite a list to choose from when it comes to anti-malware software for your phones and tablets. You can get standalone apps - many for free - from your device's app store. Here are the security apps we recommend:

There are also all-in-one security programs you can purchase, which are essentially security software bundles for your mobile devices and your computers. These bundles, which include McAfee All Access, Kaspersky ONE, and Trend Micro Titanium Maximum Security, can be quite pricey, but you'll often find them at big discounts. McAfee All Access for one user is currently on promotion for $49.99 (down from $99), for instance, while a Trend Micro bundle (that includes a three-PC license, one Mac Smart Surfing license, and one mobile security license for Android) is on sale for $33 (down from $90) on Amazon.

But is it worth paying for these all-in-one security programs? Maybe - if you also have computers and other mobile devices that need anti-malware. If you're just looking for security software for a single mobile device, you're better off downloading one of the cheaper apps from your operating system's app store.

Scan your phone or tablet regularly, and protect your passwords

To add another layer of protection, it's best to install password protection apps, especially if you regularly do online banking or access any other financial information on your device. Look for password vaults for your OS, such as 1Password (iOS, Android), Norton Identity Safe (iOS, Android) and LastPass (iOS, Android, Windows Phone 7). With these apps in place, you only need to type in your passwords once -- they auto-fill the password box next time you visit the same website. That way, if a keylogger (malicious software that can read everything you type and send it to an attacker) ever makes its way into your phone, it won't be able to capture your passwords.

Finally, after downloading and installing your anti-malware app, don't forget to scan your mobile device regularly. Schedule a scan once a week or more if you want to make sure your device is safe and that there are no threats hiding in the recesses of your phone or tablet, waiting for the right moment to strike.

Discussion

Blackberry

From Isaac Schinazi on March 22, 2013 :: 1:21 pm

Blackberry? Anyone?
Despite what people think about BlackBerry’s future, there’s tens of thousands, maybe hundreds of thousands of people using one at this moment. Why isn’t there any information about the BlackBerry? At the least a line saying “sorry we don’t have any information about BlackBerries.”

It's good news for BB (sort of)

The good news for BlackBerry is that malware is extremely rare. McAfee and others make antimalware apps for BlackBerry, but we haven’t seen any independent testing and it’s hard to recommend purchasing one given the rarity of malware. It’s possible the risks may change in the future, but given the direction of BlackBerry’s market share, combined with the fact that BB owners probably download far fewer apps (which is the primary attack vector) than Android and iOS users, I think BB will remain a relatively safe platform as hackers choose to focus their attention elsewhere.

Thanks

Ad networks too...

From Jim Meyers on March 24, 2013 :: 11:38 pm

Don’t forget about the role that ad networks play in this mess. With the exception of Airpush, which has taken a major role in eliminating malware for the apps on its network, mobile ads and the apps that deliver them are often infected with malware aimed for your phone (most likely Android). Progress is being made, but more needs to be done. Have to be exceptionally careful in terms of the apps you download and the ads you engage with.

Good advice!

Thanks Mariella for this wonderful article. Up until a couple months ago I was almost blind to this problem, but then recently several people I know were suddenly infected with malware on their phones. What they had in common was that they were all gamers and downloaded lots of different games a lot.

That’s a good suggestion to schedule a weekly scan of your phone just to be sure. I don’t feel a threat with receiving malware because my phone habits are safe (I’m not much of a gamer, web surfer or advertisement clicker on my phone), but I still have AVG installed now as a precaution because you never know.

Please note if the apps

From Michelle M on April 30, 2013 :: 2:27 pm

Please note if the apps you select work with NOOKs or not! Or, please also inform us of apps from the NOOK store that do comparable jobs. I spent precious time on the phone and online only to discover this! I don’t choose to own a Kindle.

Good news and bad news

Since all Nook apps are downloaded through the B&N Nook store, the likelihood you would get a rogue app is very, very small. So there’s not much need for malware protection on the Nook compared to a standard Android tablet. On the flip side, there is only one choice for security software (AVG Pro) and it costs $4.99.